Internet Assigned Numbers Authority

CBOR Web Token (CWT) Claims

Last Updated
Available Formats



Plain text

Registries included below

CBOR Web Token (CWT) Claims

Mike Jones, Hannes Tschofenig, Chuck Mortimore, Ludwig Seitz
Registration requests should be sent to the mailing list described in [RFC8392].
Available Formats

Range Registration Procedures
Integer values from -256 to 255 Standards Action
Integer values from -65536 to -257 Specification Required
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Claim Name Claim Description JWT Claim Name Claim Key Claim Value Type Change Controller Reference
Reserved for Private Use less than -65536 [RFC8392]
Unassigned -65536 to -261
hcert Health Certificate hcert -260 map [European_eHealth_Network] [Electronic Health Certificate Specification]
EUPHNonce Challenge Nonce EUPHNonce -259 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EATMAROEPrefix Signing prefix for multi-app restricted operating environments EATMAROEPrefix -258 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EAT-FDO EAT-FDO may contain related to FIDO Device Onboarding EAT-FDO -257 array [FIDO_Alliance] [FIDO Device Onboard Specification]
Unassigned -256 to -1
Reserved This registration reserves the key value 0 0 [IESG] [RFC8392]
iss Issuer iss 1 text string [IESG] [RFC8392]
sub Subject sub 2 text string [IESG] [RFC8392]
aud Audience aud 3 text string [IESG] [RFC8392]
exp Expiration Time exp 4 integer or floating-point number [IESG] [RFC8392]
nbf Not Before nbf 5 integer or floating-point number [IESG] [RFC8392]
iat Issued At iat 6 integer or floating-point number [IESG] [RFC8392]
cti CWT ID jti 7 byte string [IESG] [RFC8392]
cnf Confirmation cnf 8 map [IESG] [RFC8747]
scope The scope of an access token as defined in [RFC6749]. scope 9 byte string or text string [IESG] [RFC8693, Section 4.2]
Unassigned 10 to 37
ace_profile The ACE profile a token is supposed to be used with. ace_profile 38 integer [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10]
cnonce The client-nonce sent to the AS by the RS via the client. cnonce 39 byte string [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10]
exi The expiration time of a token measured from when it was received at the RS in seconds. exi 40 integer [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10.3]
Unassigned 41 to 65535

CWT Confirmation Methods

Registration Procedure(s)
Specification Required
Ludwig Seitz, Mike Jones
Registration requests should be sent to the mailing list described in [RFC8747].
Available Formats

Confirmation Method Name Confirmation Method Description JWT Confirmation Method Name Confirmation Key Confirmation Value Type Change Controller Reference
COSE_Key COSE_Key Representing Public Key jwk 1 COSE_Key structure [IESG] [RFC8747, Section 3.2]
Encrypted_COSE_Key Encrypted COSE_Key jwe 2 COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag) [IESG] [RFC8747, Section 3.3]
kid Key Identifier kid 3 binary string [IESG] [RFC8747, Section 3.4]
osc OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation osc 4 map [IETF] [RFC-ietf-ace-oscore-profile-19, Section 3.2.1]

Contact Information

ID Name Contact URI Last Updated
[European_eHealth_Network] European eHealth Network mailto:jakob& 2021-04-15
[FIDO_Alliance] FIDO Alliance mailto:iana-request& 2021-03-05
[IESG] IESG mailto:iesg& 2018-05-04
[IETF] IETF mailto:iesg&